4205 matches found
CVE-2022-49790
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforceinitdevice 1, for commit 6ac0aec6b0a6 "Input: iforce - allow callers supply data buffer when fetching device IDs"...
AZL-69662 CVE-2025-23141 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE to protect guest memory accesses Acquire a lock on kvm-srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...
@blubox/body-parser (>=1.0.0 <=1.0.1), @breautek/storm (>=8.0.0 <=8.4.0) +73 more potentially affected by CVE-2025-46653 via formidable (>=3.2.4 <=3.5.2)
formidable NPM version =3.2.4, =1.0.0, =8.0.0, =0.0.1, =0.0.1, =0.0.1, =3.4.4, =0.1036.4000, =40.0.1, =1.2.1, =0.2.14, =16.0.1, =2.13.1, =2.15.3 and more Source cves: CVE-2025-46653 Source advisory: OSV:GHSA-75V8-2H7P-7M2M...
SUSE CVE-2025-39735
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eaget During the "sizecheck" label in eaget, the code checks if the extended attribute list xattr size matches easize. If not, it logs "eaget: invalid extended attribute" and calls printhexdump...
SUSE CVE-2025-39989
In the Linux kernel, the following vulnerability has been resolved: x86/mce: use iscopyfromuser to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. 1. What am I trying to do: This patchset resolves two critical regressions related to...
Metasploit Wrap-Up 04/18/2025
Smaller Fetch Payloads This week, a significant enhancement was made to the already awesome fetch payload feature by our very own bwatters-r7. The improvement introduces a new option, PIPEFETCH, which optimizes the process by serving both the payload and the command to be executed simultaneously...
CVE-2025-39989
In the Linux kernel, the following vulnerability has been resolved: x86/mce: use iscopyfromuser to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. 1. What am I trying to do: This patchset resolves two critical regressions related to...
AZL-69728 CVE-2025-39989 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: x86/mce: use iscopyfromuser to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. 1. What am I trying to do: This patchset resolves two critical regressions related to...
DEBIAN-CVE-2025-39989
In the Linux kernel, the following vulnerability has been resolved: x86/mce: use iscopyfromuser to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. 1. What am I trying to do: This patchset resolves two critical regressions related to...
UBUNTU-CVE-2025-39989
In the Linux kernel, the following vulnerability has been resolved: x86/mce: use iscopyfromuser to determine copy-from-user context Patch series "mm/hwpoison: Fix regressions in memory failure handling", v4. 1. What am I trying to do: This patchset resolves two critical regressions related to...
CVE-2025-26996
Improper Control of Generation of Code 'Code Injection' vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Code Injection.This issue affects Sign-up Sheets: from n/a through = 2.3.0.1...
CVE-2025-26996
Improper Control of Generation of Code 'Code Injection' vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Code Injection.This issue affects Sign-up Sheets: from n/a through = 2.3.0.1...
CVE-2025-26996
CVE-2025-26996 describes an improper generation of code vulnerability ( shortcode/code injection ) in the WordPress Sign-up Sheets plugin. Affected versions are Sign-up Sheets up to 2.3.0.1; exploitation would enable unauthenticated shortcode execution leading to arbitrary code execution in affec...
PT-2025-16526 · Unknown · Fetch Designs Sign-Up Sheets
Name of the Vulnerable Software and Affected Versions: Fetch Designs Sign-up Sheets versions prior to 2.3.0.1 Description: The issue is related to improper control of code generation, allowing code injection. This problem enables the injection of code, potentially leading to unauthorized access o...
GHSA-4FCV-W3QC-PPGG rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
RUSTSEC-2025-0022 Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
Malicious code in whatwg-node-fetch-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1f59eebf54f348e9ae3e94af39368c59899516438f8b029e4db2d91f075ac95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3126 Malicious code in whatwg-node-fetch-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1f59eebf54f348e9ae3e94af39368c59899516438f8b029e4db2d91f075ac95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...